The state of cloud encryption: From fiction to actionable reality

The risks of data privacy, residency, security and regulatory compliance remain significant barriers to cloud adoption for many enterprises. While encryption seems like an obvious solution, historically the technology produced usability issues for cloud applications. To complicate matters, putting encryption into the hands of cloud service providers still left the enterprise open to risks such as insider fraud, hacking and disclosure demands from law enforcement.

Fortunately, technical advances have led to a new category of cloud encryption. When deployed, users access cloud services from Salesforce, Microsoft, Google, etc. through gateways that encrypt data before it goes to the cloud, keep it encrypted while it is at rest, and decrypt it on the way back. This ensures that information is fully protected from any type of exposure while moving to and from the cloud and while resident in it.

This approach to encryption serves as a stable foundation for locking down information in the cloud and delivers these five enterprise-grade benefits:

* Operations-preserving encryption. Until recently, encrypting cloud information "broke" the functions in applications like Salesforce, Google Gmail or Microsoft Office 365. Users could no longer search or sort any encrypted fields, significantly hampering the use of encryption with cloud applications. However, a cryptographic technology breakthrough called operations-preserving encryption solves this problem. This approach enables the encryption of sensitive fields like Social Security or credit card numbers, while still letting users see, search, sort and report on the encrypted information.

* Near-zero latency. While operations-preserving encryption makes encrypting information in the cloud possible, performance is essential for user productivity. An encryption gateway must operate with near-zero latency, so that the added delay is typically not noticeable by end users.

* Content- and context-sensitive encryption. Another recent breakthrough is that of dynamic, content- and context-aware encryption. It works by identifying sensitive data based on policies regarding the data content and the context in which it is used, and then automatically encrypting one or more fields. This technique speeds up deployment, enforces policies automatically and can help prevent data loss for organizations that are adopting CRM, collaboration, file sharing and cloud storage applications.

* Enterprise key control. If the cloud service provider controls the keys, cloud data is still at risk from hackers, hacktivists, insider fraud or disclosures to law enforcement. Gartner's research note "Five Cloud Data Residency Issues That Must Not Be Ignored" recommends enterprises take steps to assure the privacy of sensitive information, achieve regulatory compliance and understand the implications of data disclosure laws. Its recommendations include deploying encryption solutions, especially to address data residency concerns for data crossing borders, and managing the keys locally to comply with local privacy requirements. Key retention by the enterprise ensures no third party -- whether law enforcement, cloud provider system administrators or cybercriminals -- can access sensitive information in the cloud without first contacting the data owner.
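The gateway pattern described in the operations-preserving, content- and context-sensitive, and enterprise key control items above can be sketched as follows. This is an added example, not code from the article or from any vendor; it uses deterministic keyed tokenization (HMAC-SHA-256 plus an on-premises vault) as a stand-in for operations-preserving encryption, whose internals the article does not describe. The policy rules, field names, key and sample records are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key; in the model above it never leaves the enterprise.
ENTERPRISE_KEY = b"constructed-demo-key-not-for-production"
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
PAN_RE = re.compile(r"^\d{13,19}$")

def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def is_sensitive(field, value, app):
    """Policy decision from content (value shape) and context (field, app)."""
    if SSN_RE.match(value):
        return True
    compact = value.replace(" ", "").replace("-", "")
    if PAN_RE.match(compact) and luhn_ok(compact):
        return True
    # Hypothetical context rule: free-text notes in the CRM are always protected.
    return app == "crm" and field == "notes"

class Gateway:
    def __init__(self, key):
        self._key = key
        self._vault = {}  # token -> plaintext, kept on premises only

    def token(self, value):
        # Equal plaintexts give equal tokens, so the cloud application can
        # still run exact-match searches without ever seeing the value.
        mac = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()
        return "tok_" + mac[:32]

    def outbound(self, record, app):
        """Replace policy-matched fields before the record goes to the cloud."""
        out = {}
        for field, value in record.items():
            if is_sensitive(field, value, app):
                out[field] = self.token(value)
                self._vault[out[field]] = value
            else:
                out[field] = value
        return out

    def inbound(self, record):
        """Restore plaintext for records coming back from the cloud."""
        return {f: self._vault.get(v, v) for f, v in record.items()}
```

Deterministic tokens reveal which records share a value, so low-entropy fields remain open to frequency analysis, and this sketch preserves exact-match search only, not sorting or reporting.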